[Clamav-users] clamav-devel-20040125 : cltypes.h: No such file or directory {Scanned}
Dear All, I just (09:00 hrs GMT, Mon 26th Jan 2004) downloaded the latest tarball to try out the OLE2 / VBA stream stuff on our file server. /configure seemed to go OK, I then tried "make" and got: > > In file included from scanners.c:39: > vba_extract.h:26: cltypes.h: No such file or directory > make[1]: *** [scanners.lo] Error 1 > make[1]: Leaving directory `/usr/local/src/clamav-devel-20040125/libclamav' > make: *** [all-recursive] Error 1 > labserver:/usr/local/src/clamav-devel-20040125# > labserver is an AMD Duron Debian box, kernel 2.4.18-1-k7. I was running as root and using gcc version 2.95.4. Any ideas? Regards, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Suggestion: Read list of files to scan from file/stdin {Scanned}
On Wed, Jan 28, 2004 at 08:20:41AM +0100, Tomasz Kojm wrote: > On Tue, 27 Jan 2004 15:23:56 -0800 (PST) > Ryan Finnie <[EMAIL PROTECTED]> wrote: > > > find /path -ctime -1 -exec clamscan \{\} \; > > > > but that invokes clamscan for EVERY matching file found. Instead, I > > would like to request that a new flag, say -f, be added to > > clamscan/clamdscan that takes a list of files, one file per line, from > > a file (-f file) or stdin (-f -). That way you could do: > > > > find /path -ctime -1 | clamscan -i -f - > > > > or: > > > > find /path -ctime -1 > /tmp/toscan > > clamscan -i -f /tmp/toscan > > > > and put it in a nightly cron job. What do you think? > > You can use the CVS version - clamscan supports multiple file arguments > from command line, and build a script that executes clamscan on a bunch > of files. You can fall into a problem with special characters and > spaces, though. Just a thought - perhaps you could modify the "tob" (Tape Orientated Backup) scripts to do this. Tob supports full, incremental and differential file listings. Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Freshclam timeout with version devel-20040127 is too short {Scanned}
Hi, I have tried to use freshclam from the cvs version devel-20040127, but after 20 minutes it times out. My job shows the following: > Starting the daily download of the clamAV virus databases to the > Labserver at Wed Jan 28 11:39:26 GMT 2004 > WARNING: Proxy settings are now only configurable in the config file. > ClamAV update process started at Wed Jan 28 11:39:26 2004 > Connecting via proxy.littleport > Reading CVD header (main.cvd): OK > ERROR: Maximal time (1200 seconds) reached. > > Completed the daily download of the clamAV virus databases at Wed > Jan 28 11:59:26 GMT 2004 > > Freshclam return value was 1 The Labserver is an AMD Duron box running Debian Woody. Our Internet connection is uncontested, symmetrical at 512 Kbps. We are located just north of Cambridge in the UK. My mirrors.txt is shown below: > clamav.inet6.fr > clamav.e-admin.de > clamav.fisher.hu > clamav.essentkabel.com > clamav.exsilia.net > #clamav.ozforces.com > #clamav.elektrapro.com > #clamav.essentkabel.com > #clamav.linux-sxs.org > #clamav.rulez.pl > #clamav.org I have never known freshclam take less than 30 minutes to complete, sometimes it can take up to an hour! The timeout for freshclam doesn't appear to be configurable. Any suggestions? Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam timeout with version devel-20040127 is too short {Scanned}
> Try adding "-v" option. Maybe it'll show some important details. > > I suspect that your proxy (or settings concerning it) is the > culprit. Tomasz, Thanks for the reply. I tidied up my freshclam script so that it wasn't passing the "http-proxy" parameter. I then re-ran it with the -v option as suggested. The output from freshclam Starting the daily download of the clamAV virus databases to the Labserver at Thu Jan 29 09:05:03 GMT 2004 Current working dir is /var/lib/clamav Max retries == 3 ClamAV update process started at Thu Jan 29 09:05:03 2004 Connecting via proxy.littleport Connected to database.clamav.net (172.31.2.2). Reading CVD header (main.cvd): OK ERROR: Maximal time (1200 seconds) reached. Completed the daily download of the clamAV virus databases at Thu Jan 29 09:25:03 GMT 2004 appears quickly. After a few seconds the [\] display stops whirling around and thats it. It makes no difference if I use the French mirror. The freshclam process is just sleeping, (STAT "S", no CPU usage and no Memory usage) after its initial burst of activity. Normal downloads from the Net are quick, but our proxy is a Novel box configured and controlled by the main IT dept. Until I build a replacement Debian box I have no control over what it is doing or how it is configured. But why could "ordinary" downloads be quick and yet clam database downloads seem to hang somewhere? Thanks for your help, Regards, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamscan-devel-20040129 and "ERROR: Can't initialize the virus database." {Scanned}
Hi, I'm not have a good time with the latest cvs snapshots so please bear with me. Platform is a Debian (Woody) box - AMD Duron processor. I have downloaded and built ClamAV version devel-20040129 from the tarball. My /usr/local/etc/clamav.conf has the following entry # Path to a directory containing .db files. # Default is the hardcoded directory (mostly /usr/local/share/clamav, # it depends on installation options). DataDirectory /var/lib/clamav #DataDirectory /usr/local/share/clamav ls -l /var/lib/clamav shows total 3420 -rw-r--r--1 clamav clamav 671587 Jan 29 09:26 8835d2dfdc4bef4a -rw-r--r--1 clamav clamav1037239 Jan 29 09:05 e03647661b51a6e7 -rw-r--r--1 root root 212 Jan 28 11:39 mirrors.txt -rw-r--r--1 clamav clamav1762362 Jan 28 16:03 viruses.db -rw-r--r--1 clamav clamav 7929 Jan 28 16:33 viruses.db2 When I try /usr/local/bin/clamscan --log=/var/log/clamscan/apps_win32.log \ --recursive --max-files=2000 --max-space=30M --max-recursion=5 \ /diskc/utils/apps/Win32 I get the response ERROR: Can't initialize the virus database. The return code is 50. Any ideas gratefully received. Thanks, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
FWD: Re: [Clamav-users] Freshclam timeout with version devel-20040127 is too short {Scanned}
> Try adding "-v" option. Maybe it'll show some important details. > > I suspect that your proxy (or settings concerning it) is the > culprit. Tomasz, I should have added that the script which I use to run freshclam checks the return value of freshclam - see extract below. RETVAL=-1 umask 002 /usr/local/bin/freshclam -v --log=/var/log/freshclam/freshclam.log RETVAL=$? echo -en "\nCompleted the daily download of the clamAV virus \ databases at " date echo -e "\nFreshclam return value was $RETVAL" Interestingly, the retrun code from freshclam is 1 (i.e. success). Starting the daily download of the clamAV virus databases to the Labserver at Thu Jan 29 09:26:31 GMT 2004 Current working dir is /var/lib/clamav Max retries == 3 ClamAV update process started at Thu Jan 29 09:26:31 2004 Connecting via proxy.littleport Connected to clamav.inet6.fr (172.31.2.2). Reading CVD header (main.cvd): OK ERROR: Maximal time (1200 seconds) reached. Completed the daily download of the clamAV virus databases at Thu Jan 29 09:46:31 GMT 2004 Freshclam return value was 1 Clearly the script calling freshclam did not set RETVAL to 1, so freshclam must have completed successfully and yet having done this, the freshclam process just goes to sleep until the timeout ocurrs. Thanks again for your help, Regards, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan-devel-20040129 and "ERROR: Can't initialize the virus database." {Scanned}
On Sun, Feb 01, 2004 at 12:21:18AM +0100, Tomasz Kojm wrote: > On Thu, 29 Jan 2004 09:58:00 + > Jo Mills <[EMAIL PROTECTED]> wrote: > > > ls -l /var/lib/clamav shows > > > > total 3420 > > -rw-r--r--1 clamav clamav 671587 Jan 29 09:26 > > 8835d2dfdc4bef4a-rw-r--r--1 clamav clamav1037239 Jan 29 > > 09:05 e03647661b51a6e7-rw-r--r--1 root root 212 Jan > > 28 11:39 mirrors.txt-rw-r--r--1 clamav clamav1762362 Jan 28 > > 16:03 viruses.db-rw-r--r--1 clamav clamav 7929 Jan 28 > > 16:33 viruses.db2 > > > > When I try > > > > /usr/local/bin/clamscan --log=/var/log/clamscan/apps_win32.log \ > >--recursive --max-files=2000 --max-space=30M --max-recursion=5 \ > >/diskc/utils/apps/Win32 > > clamscan doesn't depend on clamav.conf (so it may search for the > databases in other directory). Remember that cvs snapshots come with the > empty files instead of the real databases. Running freshclam should fix > the problem. Tomasz Thanks for the reply. Running freshclam did not solve the problem as freshclam is updating the virus databases to /var/lib/clamav (when it works - I'm the poor sod who is suffering the Novel proxy and the freshclam timeouts) but clamscan from ClamAV version devel-20040129 is looking for the database files in /usr/local/share/clamav. Please note: labserver:/var/lib/clamav# /usr/local/bin/freshclam --version freshclam / ClamAV version devel-20040129 so I am trying to run the correct version of freshclam (I have also checked that no other versions of freshclam exist on this machine). I haven't looked into why this should be so, possibly a hang over from the last cvs version I tried (clamav-devel-20031027) or the deb package I tried (clamav-0.60-10)? I did remove the deb package before building ClamAV version devel-20040129. Nothing untoward is reported in the freshclam logs, However I did notice that /var/lib/clamav is filling up with some "oddly" named files, see below. labserver:/var/lib/clamav# ls -l total 6720 -rw-r--r--1 clamav clamav 671587 Feb 2 09:40 2c32ffb6a337ad59 -rw-r--r--1 clamav clamav 671587 Feb 2 08:30 4eaeb04bd4770881 -rw-r--r--1 clamav clamav 671587 Jan 29 09:26 8835d2dfdc4bef4a -rw-r--r--1 clamav clamav 671587 Feb 1 08:30 b87c6dfd6063782b -rw-r--r--1 clamav clamav 671587 Jan 31 08:30 c40b5d04fa707af2 -rw-r--r--1 clamav clamav 671587 Jan 30 08:30 de3d62fa67305fe9 -rw-r--r--1 clamav clamav1037239 Jan 29 09:05 e03647661b51a6e7 -rw-r--r--1 root root 212 Jan 28 11:39 mirrors.txt -rw-r--r--1 clamav clamav1762362 Jan 28 16:03 viruses.db.orig -rw-r--r--1 clamav clamav 7929 Jan 28 16:33 viruses.db2.orig The two *.orig files were my attempt to force freshclam to perform a download as though for a new installation, but I was defeated by our Novel proxy! Anyway, I'm up & running again so thanks for the tip. I'll try out the snapshot on our archives. Best Regards, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] many files in /var/lib/clamav created on the same day {Scanned}
On Tue, Feb 03, 2004 at 11:05:00AM +0200, Alexander Piavka wrote: > > Hi, i'm running mandrake9.1 and have the following rpms installed > libclamav1-0.66-0.20031204.1mdk > clamav-0.66-0.20031204.1mdk > clamd-0.66-0.20031204.1mdk > clamav-db-0.66-0.20031204.1mdk > libclamav1-devel-0.66-0.20031204.1mdk > clamav-milter-0.66-0.20031204.1mdk > > today i found that over just one night in /var/lib/clamav many dirctories > with mostly email text files were created, which took about 700M. This has > never happend before, what could be the cause of this? > > 0336627833969047/ 2af2095321235b73/ 5c3ef507d5c5efc6/ 8457b40ee1792a22/ > bd5dabbf44020ad3/ daily.cvd > 085b21e84059d9b3/ 303a659157f18301/ 5fa73c8b73bb6867/ 84622e91d0e49068/ > c08079e274465dbe df4bfa0fa22f315d/ > 092c251d0d96496d/ 3d092bbaabe4a60d/ 637edebca0cb377c/ 85774786e12e829f/ > cb8f1fa11b3e04a2/ eeb002563b1180e4/ > 0d97566bd3afb14e/ 45d4d76bda0e5ffb/ 6d3266f6ef310aa9/ a1519d4f7a57cbdc/ > clamd.socket= f1c8333948b66647/ > 10ee20f3d522354d/ 50202f10fe5ad4be/ 6fd188a041673a49/ a2d5c8767f7e2309/ > d36040d5db8a1348/ f5c8dce7a9af9546/ > 18cedd25c73cdf28/ 58916d995e603cbc/ 71d5f35c1017f136/ a86a69fb67cdd00b/ > d6c74b624e0b0fb7/ main.cvd > 28eea215bf4820f6/ 5bbec38cf37d40aa/ 7e310e8730db63ac/ bbd6932712de9c63/ > d74d177a6a0f8fc6/ mirrors.txt > > Thanks Just to say I reported this yesterday too. With clamav-devel-20040129, freshclam and our Novel http proxy, freshclam returns "1" for success but it hasn't worked - for some reason our Novel proxy causes a timeout and I think the server drops the connection. /var/lib/clamav/ fills up with the "oddly named" files and yet clamscan uses /usr/local/share/clamav/ for the location of viruses.*. I am hoping our IT guys can correct the problem with the Novel proxy. Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Contents of DBDIR {Scanned}
On Wed, Feb 04, 2004 at 12:34:33AM -0600, Justin wrote: > After getting 20040203 to compile tonight on my RH 9 box, I ran into > trouble starting the new daemon. It was convinced I had a "Malformed . . . > Everything seems to be running smoothly now. I wonder though, should I > have a main.cvd? Should I have a mirrors.txt? Am I missing something > else? Many thanks > > Justin Justin, Just a thought - what was the return code from freshclam? Was it "1" by any chance? I would be interested to know. Regards, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Contents of DBDIR {Scanned}
On Wed, Feb 04, 2004 at 11:44:05AM -0600, Justin wrote: > On Wed, 4 Feb 2004, Jo Mills wrote: > > > Justin, > > > >Just a thought - what was the return code from freshclam? Was it > > "1" by any chance? I would be interested to know. > > Thanks for the reply, Jo. It looks like it's exiting with a 1. To my mind, I don't think it should be exiting with a "1". man freshclam shows: RETURN CODES 0 : Database succesfully updated. 1 : Database is up-to-date. and freshclam gives a return code of 1 even though the update process failed. Surely this is not correct? Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Malformed CVD header detected {Scanned}
Hi, Is anybody else having problems getting database updates or is it just me? I haven't changed my clam setups for ages (it's on my todo list), yet recently (as from Mon, 22 Mar 2004 17:23:01 +) I get the following: With freshclam 0.60: Current working dir is /usr/local/share/clamav Checking for a new database - started at Tue Mar 23 11:12:01 2004 Connected to database.clamav.net. Reading md5 sum (viruses.md5): ERROR: Malformed md5 checksum detected. ERROR: Can't get viruses.md5 sum from database.clamav.net With CVS freshclam version devel-20040129 Current working dir is /usr/local/share/clamav Max retries == 3 ClamAV update process started at Tue Mar 23 08:30:01 2004 Connecting via proxy.littleport Connected to database.clamav.net (10.100.130.2). Reading CVD header (main.cvd): ERROR: Malformed CVD header detected. ERROR: Can't read main.cvd header from database.clamav.net (10.100.130.2) Trying again... Regards, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Malformed CVD header detected {Scanned}
On Tue, Mar 23, 2004 at 08:53:40PM +0700, Fajar A. Nugraha wrote: > Jo Mills wrote: > > >Hi, > > > >Is anybody else having problems getting database updates or is it just > >me? I haven't changed my clam setups for ages (it's on my todo list), > >yet recently (as from Mon, 22 Mar 2004 17:23:01 +) I get the following: > > > [snip] > > > Does your proxy allow DNS TCP packets? > Try nslookup database.clamav.net on your proxy. > If you get an error, try adjusting your proxy or firewall to allow DNS > TCP packets. > > Regards, > > Fajar > [snip] Fajar, I considered this originally but then discounted it as the firewall on our system allows TCP DNS packets. However, I hadn't allowed for the main IT guys at the other end of our VPN being helpful! They must have stopped TCP packets for DNS sometime on Monday afternoon. I'll sort out some DNS servers from our ISP and (yet again!) work around the IT guys. (Trog helped out last time -> freshclam timeout erros - I ended having to build a Debian / Squid HTTP Proxy to bypass the official Novell HTTP proxy). Thanks again for your help, Best regards, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FreshClam and Proxy Settings... {Scanned}
On Mon, Apr 19, 2004 at 06:48:14AM -0500, Anthony Presley wrote: > On Sun, 2004-04-18 at 19:13, Tomasz Kojm wrote: > > On Fri, 16 Apr 2004 15:20:02 -0500 > > Anthony Presley <[EMAIL PROTECTED]> wrote: > > > > > Hi all -- > > > > > > I've downloaded and installed ClamAV .7 on my server, and it works > > > really well. All except freshclam, that is. > > > > > > I've created /etc/freshclam.conf (after copying from the distributed > > > file and editing), and changed the server and port settings to read: > > > > > > HTTPProxyServer 192.168.2.4 > > > > Please try to use a hostname instead of the IP of your PROXY server. > > I've tried, with both the hostname, and the complete hostname + > domain-name, ie: > > HTTPProxyServer www > > AND > > HTTPProxyServer www.domainname.com > > Same problem. > > Any more ideas? Apologies if I've missed the obvious, but I think it's just a case of logically breaking down your problem step by step and seeing where your setup is wrong. Where is your problem; before the proxy, with the proxy, after it, or a mixture of these? Possible things you could try: host www or similar from your "freshclam" machine to check your DNS works OK to find your proxy. Can you ping your proxy from the "freshclam" machine to see if the route is OK? Have you tried host database.clamav.net from your freshclam machine, you should see something like: database.clamav.net CNAME db.local.clamav.net db.local.clamav.net CNAME db.europe.clamav.net db.europe.clamav.netA 217.154.108.81 db.europe.clamav.netA 62.210.153.201 db.europe.clamav.netA 80.69.67.3 db.europe.clamav.netA 152.66.249.132 db.europe.clamav.netA 193.1.219.100 db.europe.clamav.netA 193.138.115.108 db.europe.clamav.netA 193.225.86.3 db.europe.clamav.netA 195.70.36.141 db.europe.clamav.netA 212.31.160.239 db.europe.clamav.netA 213.184.16.3 db.europe.clamav.netA 213.203.254.4 Have you tried traceroute database.clamav.net from your freshclam machine? I get the following when I try this (but then we have a vpn to head office so this looks a bit odd to me): traceroute: Warning: database.clamav.net has multiple addresses; using 193.138.115.108 traceroute to db.europe.clamav.net (193.138.115.108), 30 hops max, 38 byte packets 1 labgw-o (10.100.200.1) 0.364 ms 0.187 ms 0.099 ms 2 httpproxy-l (10.100.130.2) 0.375 ms 0.234 ms 0.183 ms 3 httpproxy-l (10.100.130.2) 0.348 ms 0.398 ms 0.340 ms Is the HTTPProxyPort is set to something sensible (maybe 8080), and are the HTTPProxyUsername and HTTPProxyPassword are also correctly set (or commented out) in freshclam.conf? Have you tried using the proxy from your "freshclam" machine for simple web browsing? Do you have a firewall issue? Do you know that the proxy actually works? Hope this helps, Regards, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Worm.Hybris.D {Scanned}
On Wed, May 26, 2004 at 01:50:30PM +0200, Ivan Petroff wrote: > Hi everybody, > > when I run clamscan from the System Rescue CD (www.sysresccd.org) on a > Windows partition, I get a lot of "Worm.Hybris.D FOUND". > But when I check the "infected files" on http://www.gietl.com/test-clamav/, > it says they are not infected. > > I always update the latest virus definitions before scanning. > > Thank you for the ones who can help me. > > Ivan > Possiby a false positive? See http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi for how to submit a flase positive sample. Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problems with clamd in local network {Scanned}
On Thu, May 27, 2004 at 01:06:01PM +0200, Pippi Langstrumpf wrote: > Hi, > > how can i configure clamd in a local network? has > anybody some documentation (more detailed than the the > normal clamav docs..) > > Situation: > PC 1: installed clamd, clamav, clamav-base, > clamav-daemon, clamav-freshclam, libclamav1 > --> has internet connection (sometimes) > > PC2: installed clamav, clamav-base, clamav-freshclam, > libclamav1 > --> just local network > > PC1: db-update via internet > PC2: tries to connect to PC1 for db update with > freshclam > --> errormessage: > ClamAV update process started at Wed May 26 13:59:43 > 2004 > ERROR: Can't connect to port 80 of host 10.1.0.6 > (10.1.0.6) > ERROR: Connection with 10.1.0.6 (IP: 10.1.0.6) failed. > > some help? > Just a thought, but why do you run freshclam on PC2? If you ran freshclam via cron on PC1, then once PC1 has updated it's database(s) OK (check the return codes from Freshclam in the documentation) you could, as part of the same cron job, use scp (see SSH documentation if you're not familiar with scp) to copy the new database(s) to PC2 (and as many other PC's as you wish). Perhaps you could use NFS to "share" the directory on PC1 with other PC's? I guess it depends a bit on your security considerations and on what it is your trying to do. Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Freshclam not responding {Scanned}
On Thu, Jun 03, 2004 at 02:24:06PM +0100, Gervase wrote: > On Wed, 2004-06-02 at 15:49, Ron Snyder wrote: > > > if you do a 'dig database.clamav.net' or a 'host database.clamav.net', do > > you get useful answers? > > No. Both merely say: > "truncated, retrying in TCP mode, > timed out -no servers could be reached". > > I am baffled, especially by the fact that the problem first occurred > for no apparent reason while happily using Clamav 0.70. Don't give up! Have you tried something along the lines of: host google.co.uk You should see something like: google.co.ukA 216.239.59.104 google.co.ukA 216.239.39.104 google.co.ukA 216.239.57.104 If you don't, then I guess you have a problem interacting with your name server. If it does work, then you could try: traceroute google.co.uk We go through a proxy here which is firewalled, so my traceroute is as follows - but it shows the route up to and including the firewall so you know its getting at least that far. traceroute: Warning: google.co.uk has multiple addresses; using 216.239.39.104 traceroute to google.co.uk (216.239.39.104), 30 hops max, 38 byte packets 1 labgw-o (10.100.200.1) 0.540 ms 0.221 ms 0.110 ms 2 httpproxy-l (10.100.130.2) 0.321 ms 0.246 ms 0.200 ms 3 httpproxy-l (10.100.130.2) 0.348 ms 0.403 ms 0.316 ms A similar exercise with database.clamav.net resulted in: traceroute: Warning: database.clamav.net has multiple addresses; using 212.31.160.239 traceroute to db.europe.clamav.net (212.31.160.239), 30 hops max, 38 byte packets 1 labgw-o (10.100.200.1) 1.023 ms 0.513 ms 0.394 ms 2 httpproxy-l (10.100.130.2) 0.361 ms 0.440 ms 0.383 ms 3 httpproxy-l (10.100.130.2) 0.509 ms 0.465 ms 0.394 ms What happens is you try: host db.europe.clamav.net I get: db.europe.clamav.netA 193.19.98.136 db.europe.clamav.netA 193.52.101.131 db.europe.clamav.netA 193.138.115.108 db.europe.clamav.netA 193.225.86.3 db.europe.clamav.netA 195.13.43.28 db.europe.clamav.netA 195.70.36.141 db.europe.clamav.netA 195.92.99.99 db.europe.clamav.netA 212.14.28.36 db.europe.clamav.netA 212.31.160.239 db.europe.clamav.netA 212.162.12.159 db.europe.clamav.netA 213.184.16.3 db.europe.clamav.netA 213.203.254.4 db.europe.clamav.netA 62.210.153.201 db.europe.clamav.netA 80.69.67.3 db.europe.clamav.netA 147.229.3.16 db.europe.clamav.netA 152.66.249.132 db.europe.clamav.netA 193.1.219.100 What happens if you try: host 193.19.98.136 I get: Name: morden.dbplc.com Address: 193.19.98.136 I think it would be worth persevering and if you have to specify a few specific IP addresses for freshclam until you get your problem resolved then it's not so terrible. If host works with google.co.uk and it doesn't work with database.clamav.net then somewhere surely there must be a firewall blocking TCP DNS requests? Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problem with Clamav on gentoo {Scanned}
On Thu, Jun 17, 2004 at 10:10:41AM +0300, Boris Stoev wrote: > Hi there ! > > I have Gentoo Linux on x86 platform. > My software is : > > net-mail/qmail-1.03-r13 > app-antivirus/clamav-0.70 > net-mail/qmail-scanner-1.16-r2 > mail-filter/spamassassin-2.63 > net-mail/vpopmail-5.4.0 > > My mail server is : > > Pentium 4 2,8Mhz > RAM 2GB > HDD 2x 200GB > Intel875 chipset > > I have 2898 mail accounts > > when I try to run clamav in qmail-scanner-queue.pl in my smtp log i have > this: > @400040d16cb708cc8294 X-Qmail-Scanner-1.16:[mail108746655742621446] > clam_scanner: corrupt or unknown ClamAV scanner error or > memory/resource/perms problem - exit status 50 > > > Please help me if you can > > BR Boris > Boris, Apologies if this is all wrong (I don't use Qmail) but I remembered a similar mail on the list from a few days ago. Is http://www.mail-archive.com/[EMAIL PROTECTED]/msg08970.html of any help? The end of the message says: > If scanning manually works but you get the above error in your log then you > may want to try raising your softlimit value in the qmail-smtpd run script. > It may be failing to load the database because of insufficient memory > allowed to the process. > > > Jim Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] checksum problems
On Wed, Jun 30, 2004 at 09:32:14AM +0200, Cristiano Paris wrote: > > Hi everyone, > > I've just installed clamav on an old Slack7 system. It seems to work > fine but freshclam refuses to update the Viruses DB. > > I get this error: > > ERROR: The checksum of downloaded database isn't ok. Please check it > yourself or try again. > > Any hint? > > Cristiano Cristiano, Have you checked all the obvious things - you can resolve the names in freshclam.conf OK. (i.e. DatabaseMirror database.clamav.net) There are loads of mails in the archive about DNS & UDP .v. TCP wrt packet size and the problems caused by this. There have also been various mails about building clam from sources and making sure that you have the correct libraries in place to support the digital signature of the database - possibly worth a look. Apart from firewall / DNS / digiatl signature issues I cannot think of another reason for freshclam not working. HTH, Jo. --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] MD5 checksum always wrong
On Wed, Jun 30, 2004 at 01:49:02PM -0600, Steve Lenti wrote: > I have tried adjusting the DatabaseMirror setting in the freshclam.conf > but it always uses these same 2 addresses. I'm thinking that somehow > one of the sources didn't get updated correctly, but how do I force > freshclam to obtain the updates from another server. > > TIA, > Steve > Steve, If you look at the clamav site and the mirrors page http://www.clamav.net/mirrors.html you will see lots of possible sites. If you then specify one of these in your freshclam.conf then I believe you will use that site. HTH Jo. --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] foto From: "Rse" To: "Modssl-users"
On Wed, Sep 01, 2004 at 02:20:37PM +0200, Maurizio Marini wrote: > as subscriber to Modssl-users, i'm receiving by yestarday many copies of an > email with subject: foto > coming from engelschall > i think some of them have received it , too > > is this mail infected? > if yes, why clamav doesn't recognize it? > maurizio > Hi Maurizio, Just to let you know we run ClamAV 0.75.1-3 (Debian package) here and it seems to have caught such a "foto" e-mail OK. Please see the report below: Date: Tue, 31 Aug 2004 20:26:46 +0100 To: [EMAIL PROTECTED] From: "MailScanner" <[EMAIL PROTECTED]> Subject: Warning: E-mail viruses detected The following e-mail messages were found to have viruses in them: Sender: [EMAIL PROTECTED] IP Address: 127.0.0.1 Recipient: @localhost Subject: foto MessageID: 1C2EH9-0002Sn-00 Report: ClamAV: fotos.zip contains Trojan.JS.RunMe As you can see, it seems to work OK. Regards, Jo. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam: Chunked Transfer Coding
Hi, First let me apologize if this is way off the mark, but it has aroused my curiosity. When you say "freshclam fails", do you get a return value of 1? I only ask because we have two Web Proxies in the office, one is a Novell box and the other is Squid/Debian. I built the Squid/Debian box as freshclam would not work through the Novell box and for various reasons too boring to go into here, it was just easier to re-route all non vpn traffic via a new proxy than get RSSI of the forehead negotiating with the IT dept - they control the Novell box. As I say, just curious. Regards, Jo. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Error 139 when running clamscan 0.60 on files {Scanned}
Dear All, I am running clamscan / ClamAV version 0.60 on an i686 Debian Woody 2.4.18-1-k7 system. When I run clamscan over one particular set of directories (old archive files) clamscan runs for a while and then produces the following output whilst returning error code 139. The error is very reproducible. Segmentation fault I see from the archives that a similar problem was reported by Scott Kveton on Fri, 8 Aug 2003 10:34:47 -0700, but Scott's problem was with scanning e-mails and defunct processes - there are no defunct processes left with the error I have. The latest stable download still seems to be 0.60 although mention is made of a 0.60-4 and a 0.60-5 version in another e-mail on the subject of error 139. I would be grateful for any suggestions on the best way to proceed, Regards, Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Debian packages - which Debian & how ClamAV is built {Scanned}
On Thu, Nov 13, 2003 at 01:29:21PM +, Mike Brodbelt wrote: > > It's be interesting to know how many people here run ClamAV on Debian, > which release of Debian they're using, which release of ClamAV they're > using, and whether they build locally installable packages themselves, > get them from some other source, or just install in /usr/local outside > the auspices of the package management system. > > Mike. > OK - I use Debian Woody on an AMD Duron(tm) file server. Linux version 2.4.18-1-k7 ([EMAIL PROTECTED]) (gcc version 2.95.4 20011002 (Debian prerelease)) #2 Sun Aug 10 09:21:59 EST 2003 Currently this is running clamscan / ClamAV version devel-20031029 I use Debian Woody on an AMD-K6(tm) very low volume mail server. Linux version 2.2.19 ([EMAIL PROTECTED]) (gcc version 2.7.2.3) #1 Sat Sep 22 22:08:47 EST 2001 Currently this is running clamscan / ClamAV version 0.60 Currently (when I have the time) I just build under /usr/local and work outside of the package management system. It's not a solution I'm keen on but I live with it for one or two applications. Jo. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Exclude extension from scanning
On Wed, May 18, 2005 at 01:28:43PM +0200, David wrote: > > > > But, if i need to exclude an extension. How i do it? > > > Thanx, > Pardon my butting in, but is this not more of a job for MailScanner or such? Once MailScanner (or similar) has decided which mails it is not going to reject, it then calls ClamAV to test for viruses. Regards, Jo. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav upgrade
On Mon, May 23, 2005 at 11:02:10AM +0200, Souza Simbota wrote: > > Am running SUSE 9 with clamav 0.80 and Postfix as the mailserver. I want to > upgrade clamav and I just downloaded "clamav-0.85.1.tar.gz". Can someone > give the procedure for doing this before I mess up my server. > > Thank you, > > SOUZA > Hi, Did you already try: http://wiki.clamav.net/index.php/UpgradeInstructions Regards, Jo. ___ http://lurker.clamav.net/list/clamav-users.html